browser crashed on page view - Trunk [@ nsPluginInstancePeerImpl::GetOwner]

VERIFIED FIXED

Status

defect
--
critical
17 years ago
17 years ago

People

(Reporter: dp+moz, Assigned: srgchrpv)

Tracking

(4 keywords)

Trunk
x86
Windows XP

Details

(Whiteboard: [adt2 RTM][PL RTM][fix-trunk][verified-trunk])

Attachments

(2 attachments, 2 obsolete attachments)

Reporter

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1a+) Gecko/20020621
BuildID:    2002062109


Browser crashes after rendering some portion of
http://www.geocities.com/bobsledding2000/bobbypix2002.html

I happened upon this page at random housing listing on craigslist.org.
After restarting and revisiting, crash reproduced.

Reproducible: Always
Steps to Reproduce:
1. Visit http://www.geocities.com/bobsledding2000/bobbypix2002.html

Actual Results:  crash, feedback agent.
Reporter

Comment 1

17 years ago
This page, although ugly, works fine in IE and in NN 4.x.

Updated

17 years ago
Keywords: crash
Confirmed, 2002-06-21-04 on Windows 98 SE.

TB7600559M
Status: UNCONFIRMED → NEW
Ever confirmed: true
Posted file Testcase that will crash Mozilla (obsolete) —
Comment on attachment 88774 [details]
Testcase that will crash Mozilla

Hmm, testcase did not crash when loaded over HTTP.
Attachment #88774 - Attachment is obsolete: true
It crashes on (attachment 88775 [details]): <embed hidden=TRUE></embed>
But not on (attachment 88774 [details]):    <embed hidden=true></embed>

Crash is always in GKPLUGIN.DLL
Assignee: Matti99 → beppe
Component: Browser-General → Plug-ins
Keywords: testcase
QA Contact: imajes-qa → shrir
For * found plugin D:\moz_source\gmake\mozilla\win32_de\dist\bin\plugins\npnul32.dll
###!!! ASSERTION: Plugin performed illegal operation: 'PR_FALSE', file d:/moz_source/gmake/mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp, line 6162

nsPluginInstancePeerImpl::GetOwner(nsIPluginInstanceOwner * & 0x00000000) line 842 + 6 bytes
nsPluginHostImpl::HandleBadPlugin(nsPluginHostImpl * const 0x0108263c, PRLibrary * 0x01082ed8, nsIPluginInstance * 0x04463020) line 6173 + 61 bytes
ns4xPluginInstance::InitializePlugin(nsIPluginInstancePeer * 0x0444ff30) line 778 + 276 bytes
ns4xPluginInstance::Initialize(ns4xPluginInstance * const 0x04463020, nsIPluginInstancePeer * 0x0444ff30) line 630
nsPluginHostImpl::SetUpDefaultPluginInstance(const char * 0x0012fb14, nsIURI * 0x043d1098, nsIPluginInstanceOwner * 0x043db820) line 4097 + 21 bytes
nsPluginHostImpl::InstantiateEmbededPlugin(nsPluginHostImpl * const 0x0108263c, const char * 0x0012fb14, nsIURI * 0x043d1098, nsIPluginInstanceOwner * 0x043db820) line 3502 + 23 bytes
nsPluginStreamListenerPeer::OnStartRequest(nsPluginStreamListenerPeer * const 0x043d1010, nsIRequest * 0x043d1378, nsISupports * 0x00000000) line 2063 + 47 bytes
nsHttpChannel::ProcessNormal() line 625 + 60 bytes
nsHttpChannel::ProcessResponse() line 527 + 8 bytes
nsHttpChannel::OnStartRequest(nsHttpChannel * const 0x043d137c, nsIRequest * 0x043f58dc, nsISupports * 0x00000000) line 2824 + 11 bytes
nsOnStartRequestEvent::HandleEvent() line 161 + 53 bytes
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x04454acc) line 116
PL_HandleEvent(PLEvent * 0x04454acc) line 596 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ff7600) line 526 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x011e0110, unsigned int 49407, unsigned int 0, long 16741888) line 1077 + 9 bytes
USER32! 77e01b60()
USER32! 77e01cca()
USER32! 77e083f1()
nsAppShellService::Run(nsAppShellService * const 0x0159b400) line 458
main1(int 2, char * * 0x00283160, nsISupports * 0x00000000) line 1456 + 32 bytes
main(int 2, char * * 0x00283160) line 1805 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e7d326()
Summary: browser crashed on page view → browser crashed on page view [@ nsPluginInstancePeerImpl::GetOwner]
Reporter

Comment 8

17 years ago
no crash (WFM) on Mozilla 1.0, Solaris SPARC.

Comment 9

17 years ago
*** Bug 153833 has been marked as a duplicate of this bug. ***

Comment 10

17 years ago
hm..I can't seem to reproduce in either debug or release branch builds. I did
open bug 153920 about problems with the OBJECT tag and embedded documents.

Comment 11

17 years ago
Probably is not the bug of mozilla, it is the bug of plugin used. Using
npaudio.dll works fine. Could someone show an about:plugins page, where mozilla
crashed?
Still crashes, 2002-06-24-08 trunk win98: TB7668345X
Posted file My "About Plug-ins" (obsolete) —

Comment 14

17 years ago
Adding topcrash+ and regression keywords, this is a topcrasher with recent
MozillaTrunk builds.  It appears to be some kind of regression, starting with
builds from 6/17.  Anyone know of a checkin on 6/17 that might have caused this
crash?
Summary: browser crashed on page view [@ nsPluginInstancePeerImpl::GetOwner] → browser crashed on page view - Trunk [@ nsPluginInstancePeerImpl::GetOwner]
Assignee

Comment 15

17 years ago
on my plate, the patch is following
Assignee: beppe → serge

Comment 16

17 years ago
Comment on attachment 88970 [details]
My "About Plug-ins"

um...no..this is a dynamic page, please copy/paste!
Attachment #88970 - Attachment is obsolete: true

Comment 17

17 years ago
Comment on attachment 88970 [details]
My "About Plug-ins"

um...no..this is a dynamic page, please copy/paste!
Assignee

Comment 18

17 years ago
Posted patch patch v1
after
NS_IMETHODIMP ns4xPluginInstance::GetPeer(nsIPluginInstancePeer* *resultingPeer)
{
  *resultingPeer = mPeer;
  NS_IF_ADDREF(*resultingPeer);
  return NS_OK;
}
call, the out param should be checked for null.

Comment 19

17 years ago
why bother checking succeeded if it always returns NS_OK?
Assignee

Comment 20

17 years ago
just in case if ns4xPluginInstance::GetPeer() will be changed in the future

Comment 21

17 years ago
Also, it may return garbage in case of failure.
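
The check discussed in comments 18 to 21, as an added example that is not part of the bug thread or the Mozilla patch: a getter that always reports success can still hand back a null pointer, so the caller tests both the result code and the pointer. The types below (Owner, Peer, Instance, OwnerOfBadPlugin) and the locally defined result codes are stand-ins for illustration, not the Mozilla classes.

```cpp
#include <cstdint>

// Stand-in types and result codes for illustration only; NOT the Mozilla classes.
using nsresult = std::uint32_t;
constexpr nsresult NS_OK = 0;
constexpr nsresult NS_ERROR_FAILURE = 0x80004005;

struct Owner { int id; };

struct Peer {
  Owner* mOwner = nullptr;
  nsresult GetOwner(Owner*& aOwner) { aOwner = mOwner; return NS_OK; }
};

struct Instance {
  Peer* mPeer = nullptr;  // stays null if initialization stopped early
  // Same shape as the getter quoted in comment 18: it always reports
  // success, even when the pointer it hands back is null.
  nsresult GetPeer(Peer** aResult) { *aResult = mPeer; return NS_OK; }
};

// Guarded caller. Each out pointer starts as nullptr, so a getter that fails
// without writing its out param cannot leave garbage behind (comment 21), and
// both the result code and the pointer are checked before any dereference
// (comments 18 and 20).
nsresult OwnerOfBadPlugin(Instance* aInstance, Owner** aOwner) {
  *aOwner = nullptr;
  if (!aInstance) return NS_ERROR_FAILURE;

  Peer* peer = nullptr;
  nsresult rv = aInstance->GetPeer(&peer);
  if (rv != NS_OK || !peer) return NS_ERROR_FAILURE;  // no peer: stop here

  Owner* owner = nullptr;
  rv = peer->GetOwner(owner);
  if (rv != NS_OK || !owner) return NS_ERROR_FAILURE;

  *aOwner = owner;
  return NS_OK;
}

int main() {
  Instance half_initialized;  // constructed sample: an instance without a peer
  Owner* owner = nullptr;
  return OwnerOfBadPlugin(&half_initialized, &owner) == NS_ERROR_FAILURE ? 0 : 1;
}
```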

Comment 22

17 years ago
Comment on attachment 88987 [details] [diff] [review]
patch v1

r=av
Attachment #88987 - Flags: review+
Assignee

Comment 23

17 years ago
ccing Patrick for possible sr=

Comment 24

17 years ago
*** Bug 153942 has been marked as a duplicate of this bug. ***
Assignee

Updated

17 years ago
Whiteboard: [adt2 RTM][PL RTM][Need sr=]

Comment 25

17 years ago
Comment on attachment 88987 [details] [diff] [review]
patch v1

sr=beard
Attachment #88987 - Flags: superreview+
Assignee

Comment 26

17 years ago
on the trunk
mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp,v  <--  
nsPluginHostImpl.cpp
new revision: 1.396; previous revision: 1.395
Thanks all.
Nominating for the branch.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: [adt2 RTM][PL RTM][Need sr=] → [adt2 RTM][PL RTM][fix-trunk]
*** Bug 154368 has been marked as a duplicate of this bug. ***

Comment 28

17 years ago
*** Bug 154416 has been marked as a duplicate of this bug. ***
shrir - can you pls verify that this no longer crashes with the testcases? thanks!
Blocks: 143047
Whiteboard: [adt2 RTM][PL RTM][fix-trunk] → [adt2 RTM][PL RTM][fix-trunk] [ETA 06/27]

Comment 30

17 years ago
Verified on 0626 trunk build. Checked out all testcases and dups as well. Could
only verify on NT... looks good to me. Reporter and others who saw this crash, if
possible, could u pls double check and confirm again on the platforms that this
is fixed for u as well? I am sure it is... Thx!
No longer blocks: 143047
Status: RESOLVED → VERIFIED
Whiteboard: [adt2 RTM][PL RTM][fix-trunk] [ETA 06/27] → [adt2 RTM][PL RTM][fix-trunk][verified-trunk]
Works fine for me too, 2002-06-26-08 on Windows 98 SE.

Comment 32

17 years ago
verify working for win95 with 2002062608

Comment 33

17 years ago
verified working with testcase #2, dup 154416 on Win2K. build 2002062608.

Comment 34

17 years ago
adding adt1.0.1+.  Please get drivers approval and check into the branch.
Keywords: adt1.0.1 → adt1.0.1+

Comment 35

17 years ago
please checkin to the 1.0.1 branch. once there, remove the "mozilla1.0.1+"
keyword and add the "fixed1.0.1" keyword.

Updated

17 years ago
Attachment #88987 - Flags: approval+
Assignee

Comment 36

17 years ago
on the branch
mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp,v  <--  nsPluginHostImpl.cpp
new revision: 1.372.2.20; previous revision: 1.372.2.19

Comment 37

17 years ago
verif 0723 brnch, no crash.
Crash Signature: [@ nsPluginInstancePeerImpl::GetOwner]